CVE-2021-33853

EUVD-2021-20527
A Cross-Site Scripting (XSS) attack can cause arbitrary code (javascript) to run in a user’s browser while the browser is connected to a trusted website. As the vehicle for the attack, the application targets the users and not the application itself. Additionally, the XSS payload is executed when the user attempts to access any page of the CRM.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
Affected Products (NVD)
VendorProductVersion
x2enginex2crm
8.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cybersecurityworks.com/zerodays/cve-2021-33853-stored-cross-site-scripting-in-x2crm.html
https://cybersecurityworks.com/zerodays/cve-2021-33853-stored-cross-site-scripting-in-x2crm.html